CN101159542B - Method and system for saving and/or obtaining authentication parameter on terminal network appliance - Google Patents
Method and system for saving and/or obtaining authentication parameter on terminal network appliance
- Publication number: CN101159542B (application CN2007101772199A)
- Authority: CN (China)
- Prior art keywords: authentication parameter, parameter, main control, identifying code, control module
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
- Landscapes: Computer And Data Communications (AREA); Small-Scale Networks (AREA)
Abstract
The invention discloses a method for saving and/or acquiring authentication parameters on terminal network equipment. When the authentication parameters are saved on the terminal network equipment, the user terminal computes a first identifying code from the encrypted authentication parameters; when the authentication parameters are acquired from the terminal network equipment, the terminal network equipment computes a second identifying code from the previously saved encrypted authentication parameters and compares the first identifying code with the second identifying code; the terminal network equipment sends the encrypted authentication parameters to the user terminal only when the two codes are the same. Accordingly, the invention also discloses a system for saving and/or acquiring authentication parameters on terminal network equipment. Thereby, if the terminal network equipment is stolen, a criminal who has not also obtained the identifying code cannot obtain the authentication parameters, so that the stolen terminal network equipment cannot work, the rights of the owner of the terminal network equipment are protected, and the security of network communication is improved.
Description
Technical field
The present invention relates to the field of network service security, and in particular to a method and system for saving and obtaining an authentication parameter on a terminal network appliance.
Background technology
With the rapid development of network technology, people's security requirements for network services are becoming higher and higher, and many new security technologies are gradually being adopted, such as the PKMv2 (Privacy Key Management Version 2) protocol, the EAP (Extensible Authentication Protocol) protocol and the AES (Advanced Encryption Standard) algorithm. They provide security services such as access control, data integrity, data confidentiality, anti-replay protection and automatic key management, and to a certain extent have improved the security of data transfer and of user authentication and authorization. However, even the most secure system is helpless if the authentication parameter is stolen; therefore, the preservation of the authentication parameter is crucial in network security technology.
At present, because of demands such as automatic network connection, many authentication parameters are stored on terminal network appliances such as network interface cards. This gives a lawless person an opportunity: after a terminal network appliance is lost, if the user does not lock the account immediately, the lawless person can read the authentication parameter from the appliance using the regular software that matches it, and then connect to the network, causing damage to the legitimate user. In this case, merely encrypting and decrypting the authentication parameter is of little use, because what the illegal person uses is also the regular software, which can correctly decrypt the encrypted authentication parameter.
In summary, the existing technology for saving and obtaining an authentication parameter on a terminal network appliance obviously has inconveniences and defects in practical use, so it is necessary to improve it.
Summary of the invention
In view of the above defects, the object of the present invention is to provide a method and system for saving and obtaining an authentication parameter on a terminal network appliance, which can guarantee that the authentication parameter kept on the terminal network appliance is not illegally accessed, and thereby improves the security of network communication.
To achieve these goals, the invention provides a method for saving and obtaining an authentication parameter on a terminal network appliance, applied to a system comprising a user terminal and a terminal network appliance. The method comprises a step of saving the authentication parameter and a step of obtaining the authentication parameter. The step of saving the authentication parameter comprises:
A) after the user terminal receives the user's request to save the authentication parameter, the authentication parameter is encrypted;
B) the user terminal computes a first identifying code from the encrypted authentication parameter and saves this first identifying code;
C) the user terminal sends the encrypted authentication parameter to the terminal network appliance, which saves the encrypted authentication parameter.
The step of obtaining the authentication parameter comprises:
a) after the user terminal receives the user's request to obtain the authentication parameter, the user terminal obtains the previously saved first identifying code;
b) the user terminal sends the request to obtain the authentication parameter to the terminal network appliance, and the request carries the first identifying code;
c) the terminal network appliance computes a second identifying code from the previously saved encrypted authentication parameter and compares the second identifying code with the first identifying code; if the two are identical, step d is executed, otherwise step e is executed;
d) the terminal network appliance sends the encrypted authentication parameter to the user terminal, which decrypts the encrypted authentication parameter;
e) the terminal network appliance returns an error message to the user terminal.
According to the method of this invention, the user terminal includes a first main control module, a parameter encrypting module, a parameter deciphering module, a first identifying code generation module and a first storage medium; the terminal network appliance includes a second main control module, a parameter saving module, a parameter acquisition module, a second identifying code generation module and a second storage medium;
The step of saving the authentication parameter further comprises:
A) after the first main control module of the user terminal receives the user's request to save the authentication parameter, it sends the authentication parameter to the parameter encrypting module, which encrypts the authentication parameter and returns the encrypted authentication parameter to the first main control module;
B) the first main control module of the user terminal sends the encrypted authentication parameter to the first identifying code generation module, which computes a first identifying code from the encrypted authentication parameter and saves this first identifying code in the first storage medium;
C) the first main control module of the user terminal sends a request to save the authentication parameter to the second main control module of the terminal network appliance, the request containing the encrypted authentication parameter; the second main control module of the terminal network appliance sends the encrypted authentication parameter to the parameter saving module, which saves the encrypted authentication parameter in the second storage medium.
The step of obtaining the authentication parameter further comprises:
a) after the first main control module of the user terminal receives the user's request to obtain the authentication parameter, it sends a request to obtain the first identifying code to the first identifying code generation module, which reads the first identifying code from the first storage medium and returns it to the first main control module;
b) the first main control module of the user terminal sends the request to obtain the authentication parameter to the second main control module of the terminal network appliance, and the request carries the first identifying code;
c) the second main control module of the terminal network appliance sends the request to obtain the authentication parameter to the parameter acquisition module, which reads the encrypted authentication parameter from the second storage medium and returns it to the second main control module; the second main control module sends the encrypted authentication parameter to the second identifying code generation module, which computes a second identifying code from it and returns the code to the second main control module; the second main control module compares the second identifying code with the first identifying code, and if the two are identical, step d is executed, otherwise step e is executed;
d) the second main control module of the terminal network appliance sends the encrypted authentication parameter to the first main control module of the user terminal, which forwards it to the parameter deciphering module of the user terminal; the parameter deciphering module decrypts the encrypted authentication parameter and sends the decrypted authentication parameter to the first main control module;
e) the second main control module of the terminal network appliance returns an error message to the first main control module of the user terminal.
According to the method of this invention, the first main control module, parameter encrypting module, parameter deciphering module and first identifying code generation module of the user terminal constitute a user-terminal-side application subsystem.
According to the method of this invention, the second main control module, parameter saving module, parameter acquisition module and second identifying code generation module of the terminal network appliance constitute a terminal-network-appliance-side embedded subsystem.
According to the method of this invention, the step of saving the authentication parameter further comprises, after step C:
D) the parameter saving module of the terminal network appliance sends the result of saving the authentication parameter to the second main control module; the second main control module returns this result to the first main control module of the user terminal; and the first main control module reports this result to the user.
According to the method of this invention, in the step of obtaining the authentication parameter:
after the user terminal obtains the decrypted authentication parameter in step d, the first main control module of the user terminal reports to the user that the authentication parameter was obtained successfully;
after the user terminal receives the error message in step e, the first main control module of the user terminal reports to the user that obtaining the authentication parameter failed.
According to the method of this invention, the step of saving the authentication parameter is used when the user logs in to the network for the first time, and the step of obtaining the authentication parameter is used whenever the user logs in to the network other than the first time.
According to the method of this invention, the user terminal and the terminal network appliance use the same algorithm to generate, respectively, the first identifying code and the second identifying code from the encrypted authentication parameter.
The present invention also provides a system for saving and obtaining an authentication parameter on a terminal network appliance, comprising a user terminal and a terminal network appliance, wherein:
the user terminal is used, when saving the authentication parameter, to encrypt the authentication parameter after receiving the user's request to save it, to compute and save a first identifying code from the encrypted authentication parameter, and then to send the encrypted authentication parameter to the terminal network appliance; when obtaining the authentication parameter, the user terminal is used to obtain the previously saved first identifying code after receiving the user's request to obtain the authentication parameter, and to send this request together with the first identifying code to the terminal network appliance; and it is used to decrypt the encrypted authentication parameter returned by the terminal network appliance;
the terminal network appliance is used, when saving the authentication parameter, to save the encrypted authentication parameter; when obtaining the authentication parameter, after receiving the request to obtain it, the terminal network appliance computes a second identifying code from the previously saved encrypted authentication parameter and compares this second identifying code with the first identifying code; if the two are identical, the terminal network appliance sends the encrypted authentication parameter to the user terminal for processing, otherwise it returns an error message to the user terminal.
According to the system of the present invention, the user terminal includes a first main control module, a parameter encrypting module, a parameter deciphering module, a first identifying code generation module and a first storage medium; the terminal network appliance includes a second main control module, a parameter saving module, a parameter acquisition module, a second identifying code generation module and a second storage medium;
The first main control module of the user terminal is used, when saving the authentication parameter, to send the authentication parameter to the parameter encrypting module for encryption after receiving the user's request to save it, and then to send the encrypted authentication parameter to the first identifying code generation module to generate the first identifying code; the first main control module is also used to send a request to save the authentication parameter to the second main control module of the terminal network appliance, the request containing the encrypted authentication parameter; when obtaining the authentication parameter, the first main control module of the user terminal is used, after receiving the user's request to obtain it, to send a request for the first identifying code to the first identifying code generation module so as to obtain the first identifying code, and to send the request to obtain the authentication parameter together with the first identifying code to the second main control module of the terminal network appliance; the first main control module is also used, after receiving the encrypted authentication parameter sent by the second main control module of the terminal network appliance, to pass it to the parameter deciphering module for decryption, or alternatively to receive the error message sent by the second main control module of the terminal network appliance;
The parameter encrypting module of the user terminal is used, when saving the authentication parameter, to encrypt the authentication parameter and return the encrypted authentication parameter to the first main control module;
The parameter deciphering module of the user terminal is used, when obtaining the authentication parameter, to decrypt the encrypted authentication parameter and send the decrypted authentication parameter to the first main control module;
The first identifying code generation module of the user terminal is used, when saving the authentication parameter, to compute the first identifying code from the encrypted authentication parameter and save it in the first storage medium; when obtaining the authentication parameter, it is used to read the first identifying code from the first storage medium and return it to the first main control module;
The second main control module of the terminal network appliance is used, when saving the authentication parameter, to send the encrypted authentication parameter to the parameter saving module for saving; when obtaining the authentication parameter, it is used, after receiving the request to obtain the authentication parameter, to forward the request to the parameter acquisition module so as to obtain the encrypted authentication parameter, and to send the encrypted authentication parameter to the second identifying code generation module so as to obtain the second identifying code; the second main control module then compares the second identifying code with the first identifying code, and if the two are identical it sends the encrypted authentication parameter to the first main control module of the user terminal, whereas if they differ it returns an error message to the first main control module of the user terminal;
The parameter saving module of the terminal network appliance is used, when saving the authentication parameter, to save the encrypted authentication parameter in the second storage medium;
The parameter acquisition module of the terminal network appliance is used, when obtaining the authentication parameter, to read the encrypted authentication parameter from the second storage medium and return it to the second main control module;
The second identifying code generation module of the terminal network appliance is used, when obtaining the authentication parameter, to compute the second identifying code from the encrypted authentication parameter and return it to the second main control module.
The invention provides a technique for safely saving and/or obtaining an authentication parameter on a terminal network appliance. When the authentication parameter is saved on the terminal network appliance, the user terminal computes a first identifying code from the encrypted authentication parameter; and when the authentication parameter is obtained from the terminal network appliance, the terminal network appliance generates a second identifying code from the previously saved encrypted authentication parameter and compares the first identifying code with the second identifying code; only if the two are identical does the terminal network appliance send the encrypted authentication parameter to the user terminal for decryption. Thereby, after the terminal network appliance has been taken illegally, if the illegal person has not also obtained the identifying code, he cannot obtain the authentication parameter even if the user terminal could correctly decrypt the encrypted authentication parameter, and so cannot normally use the stolen terminal network appliance. This protects the rights and interests of the owner of the terminal network appliance and at the same time improves the security of network communication.
Description of drawings
Fig. 1 is a structural diagram of the system of the present invention for saving and/or obtaining an authentication parameter on a terminal network appliance;
Fig. 2 is a flow chart of the method of the present invention for saving an authentication parameter on a terminal network appliance;
Fig. 3 is a flow chart of the method of the present invention for obtaining an authentication parameter on a terminal network appliance;
Fig. 4 is an example flow of saving the authentication parameter in the preferred embodiment of the present invention;
Fig. 5 is an example flow of obtaining the authentication parameter in the preferred embodiment of the present invention.
Embodiment
In order to make the purpose, technical scheme and advantages of the present invention clearer, the present invention is further elaborated below in conjunction with the drawings and embodiments. It should be appreciated that the specific embodiments described herein are only intended to explain the present invention, and are not intended to limit it.
The invention provides a system for saving and obtaining an authentication parameter on a terminal network appliance. As shown in Fig. 1, this system 1 comprises a user terminal 100 and a terminal network appliance 200. The user terminal 100 can be a PC (Personal Computer), a notebook computer, a mobile phone, etc.; and the terminal network appliance 200 is preferably inserted into the user terminal 100, and can be a network interface card, etc., wherein:
When the system 1 is applied to the process of saving the authentication parameter:
the above flow of saving the authentication parameter is used when the user logs in to the network for the first time.
When the system 1 is applied to the process of obtaining the authentication parameter:
the above process of obtaining the authentication parameter is used whenever the user logs in to the network other than the first time.
Thereby, the system 1 can safely save and/or obtain the authentication parameter on the terminal network appliance 200: after the terminal network appliance 200 has been taken illegally, if the illegal person has not also obtained the identifying code, he cannot obtain the authentication parameter even if the user terminal 100 could correctly decrypt the encrypted authentication parameter, so the security of network communication is improved.
In particular, the user terminal 100 includes a first main control module 11, a parameter encrypting module 12, a parameter deciphering module 13, a first identifying code generation module 14 and a first storage medium 15; the terminal network appliance 200 includes a second main control module 21, a parameter saving module 22, a parameter acquisition module 23, a second identifying code generation module 24 and a second storage medium 25. The first main control module 11, parameter encrypting module 12, parameter deciphering module 13 and first identifying code generation module 14 of the user terminal 100 constitute a user-terminal-side application subsystem 10; and the second main control module 21, parameter saving module 22, parameter acquisition module 23 and second identifying code generation module 24 of the terminal network appliance 200 constitute a terminal-network-appliance-side embedded subsystem 20.
The user-terminal-side application subsystem 10 is loaded and runs on the user terminal 100; it is, for example, a dial-up program. It serves as the direct interface with the user and completes operations such as saving and obtaining the authentication parameter that the user requests. It includes the first main control module 11, parameter encrypting module 12, parameter deciphering module 13, first identifying code generation module 14, etc., wherein:
The first main control module 11 is used to receive the user's instructions and to coordinate the other modules in completing functions such as saving and obtaining the authentication parameter.
The first identifying code generation module 14 is used, when the authentication parameter is saved on the terminal network appliance 200, to create the first identifying code that is needed later when obtaining the authentication parameter.
The terminal-network-appliance-side embedded subsystem 20 is integrated in and runs on the terminal network appliance 200. It receives the requests to save or obtain the authentication parameter sent by the user-terminal-side application subsystem 10, processes each request accordingly, and returns the result of the processing to the user-terminal-side application subsystem 10. The terminal-network-appliance-side embedded subsystem 20 includes the second main control module 21, parameter saving module 22, parameter acquisition module 23, second identifying code generation module 24, etc., wherein:
The second main control module 21 is used to receive the requests of the user-terminal-side application subsystem 10, to coordinate the other modules in completing functions such as saving and obtaining the authentication parameter, and to return the result to the user-terminal-side application subsystem 10.
The parameter saving module 22 is used to save the received authentication parameter in the second storage medium 25 of the terminal network appliance 200.
The second identifying code generation module 24 is used, when obtaining the authentication parameter, to compute a second identifying code from the authentication parameter read from the terminal network appliance 200; if the second identifying code differs from the first identifying code sent by the user-terminal-side application subsystem 10, the user-terminal-side application subsystem 10 cannot successfully obtain the authentication parameter.
Each module is described in more detail below from the two processes of saving and obtaining the authentication parameter.
In the process of saving the authentication parameter:
The first main control module 11 of the user terminal 100 is used, after receiving the user's request to save the authentication parameter, to send the authentication parameter to the parameter encrypting module 12 for encryption, and then to send the encrypted authentication parameter to the first identifying code generation module 14 to generate the first identifying code. The first main control module 11 is also used to send a request to save the authentication parameter to the second main control module 21 of the terminal network appliance 200, the request containing the encrypted authentication parameter.
The parameter encrypting module 12 of the user terminal 100 is used to encrypt the authentication parameter and to return the encrypted authentication parameter to the first main control module 11.
The first identifying code generation module 14 of the user terminal 100 is used to compute the first identifying code from the encrypted authentication parameter and to save this first identifying code in the first storage medium 15.
The second main control module 21 of the terminal network appliance 200 is used to send the encrypted authentication parameter to the parameter saving module 22 for saving.
The parameter saving module 22 of the terminal network appliance 200 is used to save the encrypted authentication parameter in the second storage medium 25.
In the process of obtaining the authentication parameter:
The first main control module 11 of the user terminal 100 is used, after receiving the user's request to obtain the authentication parameter, to send a request for the first identifying code to the first identifying code generation module 14 so as to obtain the first identifying code, and to send the request to obtain the authentication parameter together with the first identifying code to the second main control module 21 of the terminal network appliance 200. The first main control module 11 is also used, after receiving the encrypted authentication parameter sent by the second main control module 21 of the terminal network appliance 200, to pass the encrypted authentication parameter to the parameter deciphering module 13 for decryption, or alternatively to receive the error message sent by the second main control module 21 of the terminal network appliance 200.
The first identifying code generation module 14 of the user terminal 100 is used to read the first identifying code from the first storage medium 15 and return it to the first main control module 11.
The parameter deciphering module 13 of the user terminal 100 is used to decrypt the encrypted authentication parameter and to send the decrypted authentication parameter to the first main control module 11.
The second main control module 21 of the terminal network appliance 200 is used, after receiving the request to obtain the authentication parameter, to forward it to the parameter acquisition module 23 so as to obtain the encrypted authentication parameter, and to send the encrypted authentication parameter to the second identifying code generation module 24 so as to obtain the second identifying code; the second main control module 21 then compares the second identifying code with the first identifying code, and if the two are identical, it sends the encrypted authentication parameter to the first main control module 11 of the user terminal 100, whereas if they differ, it returns an error message to the first main control module 11 of the user terminal 100.
The parameter acquisition module 23 of the terminal network appliance 200 is used to read the encrypted authentication parameter from the second storage medium 25 and return it to the second main control module 21.
The second identifying code generation module 24 of the terminal network appliance 200 is used to compute the second identifying code from the encrypted authentication parameter and return it to the second main control module 21.
Fig. 2 shows the flow of the method of the present invention for saving an authentication parameter on a terminal network appliance. This method is realized by the system 1 shown in Fig. 1, and specifically comprises the following steps:
Step S201: after receiving the user's request to save the authentication parameter, the user terminal 100 encrypts the authentication parameter.
Step S202: the user terminal 100 computes a first identifying code from the encrypted authentication parameter and saves this first identifying code.
Step S203: the user terminal 100 sends the encrypted authentication parameter to the terminal network appliance 200, which saves the encrypted authentication parameter.
Fig. 3 shows the flow of the method of the present invention for obtaining an authentication parameter on a terminal network appliance. This method is realized by the system 1 shown in Fig. 1, and specifically comprises the following steps:
Step S301: after receiving the user's request to obtain the authentication parameter, the user terminal 100 obtains the previously saved first identifying code.
Step S302: the user terminal 100 sends the request to obtain the authentication parameter to the terminal network appliance 200, and the request carries the first identifying code.
Step S303: the terminal network appliance 200 computes a second identifying code from the previously saved encrypted authentication parameter and compares the second identifying code with the first identifying code; if the two are identical, step S304 is executed, otherwise step S305 is executed.
Step S304: the terminal network appliance 200 sends the encrypted authentication parameter to the user terminal 100, which decrypts the encrypted authentication parameter.
Step S305: the terminal network appliance 200 returns an error message to the user terminal 100.
Fig. 4 shows an example flow for saving an authentication parameter in the preferred embodiment of the present invention. It is implemented by the system shown in Fig. 1 and is used when the user logs in to the network for the first time. The steps are as follows:
Step S401: the user sends a save-authentication-parameter request to first main control module 11 of subscriber terminal side application subsystem 10. Because this is the user's first login to the network, the user must enter the corresponding authentication parameter at this point, for example a username and password.
Step S402: after first main control module 11 of subscriber terminal side application subsystem 10 receives the user's save-authentication-parameter request, it sends the authentication parameter to parameter encrypting module 12 with a request to encrypt it.
Step S403: parameter encrypting module 12 of subscriber terminal side application subsystem 10 encrypts the authentication parameter using the AES algorithm or the like, and returns the encrypted authentication parameter to first main control module 11.
Step S404: first main control module 11 of subscriber terminal side application subsystem 10 sends the encrypted authentication parameter to the first identifying code generation module 14 with a request to generate a first identifying code.
Step S405: the first identifying code generation module 14 of subscriber terminal side application subsystem 10 computes the first identifying code from the encrypted authentication parameter using the MD5 algorithm or the like, and saves the generated first identifying code in first storage medium 15.
Step S406: first main control module 11 of subscriber terminal side application subsystem 10 sends a save-authentication-parameter request to second main control module 21 of terminal network appliance side embedded subsystem 20; this request contains the encrypted authentication parameter.
Step S407: second main control module 21 of terminal network appliance side embedded subsystem 20 sends the encrypted authentication parameter to parameter saving module 22.
Step S408: parameter saving module 22 of terminal network appliance side embedded subsystem 20 saves the encrypted authentication parameter in second storage medium 25.
Step S409: second storage medium 25 of terminal network appliance side embedded subsystem 20 returns the authentication parameter saving result to parameter saving module 22.
Step S410: parameter saving module 22 of terminal network appliance side embedded subsystem 20 sends the authentication parameter saving result to second main control module 21.
Step S411: second main control module 21 of terminal network appliance side embedded subsystem 20 returns the authentication parameter saving result to first main control module 11 of subscriber terminal side application subsystem 10.
Step S412: first main control module 11 of subscriber terminal side application subsystem 10 reports the authentication parameter saving result to the user, preferably by displaying it.
Fig. 5 shows an example flow for obtaining an authentication parameter in the preferred embodiment of the present invention. It is implemented by the system shown in Fig. 1 and is used for every login other than the user's first login to the network, that is, for automatic login. The steps are as follows:
Step S501: the user sends an obtain-authentication-parameter request to first main control module 11 of subscriber terminal side application subsystem 10.
Step S502: after first main control module 11 of subscriber terminal side application subsystem 10 receives the user's obtain-authentication-parameter request, it sends an obtain-first-identifying-code request to the first identifying code generation module 14.
Step S503: the first identifying code generation module 14 of subscriber terminal side application subsystem 10 reads the previously saved first identifying code from first storage medium 15.
Step S504: first storage medium 15 of subscriber terminal side application subsystem 10 returns the first identifying code to the first identifying code generation module 14.
Step S505: the first identifying code generation module 14 returns the first identifying code to first main control module 11.
Step S506: first main control module 11 of subscriber terminal side application subsystem 10 sends the obtain-authentication-parameter request to second main control module 21 of terminal network appliance side embedded subsystem 20; the request carries the first identifying code.
Step S507: second main control module 21 of terminal network appliance side embedded subsystem 20 forwards the obtain-authentication-parameter request to parameter acquisition module 23.
Step S508: parameter acquisition module 23 of terminal network appliance side embedded subsystem 20 reads the encrypted authentication parameter from second storage medium 25.
Step S509: second storage medium 25 of terminal network appliance side embedded subsystem 20 returns the encrypted authentication parameter to parameter acquisition module 23.
Step S510: parameter acquisition module 23 of terminal network appliance side embedded subsystem 20 returns the encrypted authentication parameter to second main control module 21.
Step S511: second main control module 21 of terminal network appliance side embedded subsystem 20 sends the encrypted authentication parameter to the second identifying code generation module 24 with a request to generate a second identifying code.
Step S512: the second identifying code generation module 24 of terminal network appliance side embedded subsystem 20 computes the second identifying code from the encrypted authentication parameter using the MD5 algorithm or the like, and returns it to second main control module 21.
Step S513: second main control module 21 of terminal network appliance side embedded subsystem 20 compares the second identifying code with the first identifying code. If the two are identical, second main control module 21 returns the encrypted authentication parameter to first main control module 11 of subscriber terminal side application subsystem 10 and step S514 is performed; otherwise it returns an error message to first main control module 11 and the flow jumps directly to step S516.
Step S514: first main control module 11 of subscriber terminal side application subsystem 10 forwards the encrypted authentication parameter to parameter deciphering module 13.
Step S515: parameter deciphering module 13 of subscriber terminal side application subsystem 10 decrypts the encrypted authentication parameter using the AES algorithm or the like, and sends the decrypted authentication parameter to first main control module 11.
Step S516: first main control module 11 of subscriber terminal side application subsystem 10 reports the result of obtaining the authentication parameter to the user. If first main control module 11 has received the decrypted authentication parameter, it reports to the user that the authentication parameter was obtained successfully, preferably by displaying the result; if first main control module 11 has received an error message, it reports to the user that obtaining the authentication parameter failed.
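The save flow (Figs. 2 and 4) and the obtain flow (Figs. 3 and 5) together, as an added worked example that is not code from the patent. Module names, the in-memory "storage media", the key held by the user terminal and the constant-time comparison are assumptions of this example; the patent names AES and MD5 but fixes neither, so a SHA-256 counter-mode keystream stands in for AES so that the example runs on a bare Python install, while MD5 is kept as the identifying code. The final scenario goes slightly beyond the text by showing that a ciphertext altered on the appliance fails the same comparison.

```python
"""Save / obtain protocol of Figs. 2-5: the user terminal encrypts the parameter,
keeps only the hash of the ciphertext (first identifying code), and the appliance
releases the ciphertext only when the presented code matches the hash it recomputes
(second identifying code). Names and key handling are assumptions of this example."""
import hashlib
import hmac
import os
from typing import Dict, Optional

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for the AES cipher of step S403."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(out[:length])


def encrypt_parameter(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Step S201/S403: returns nonce || ciphertext (nonce is random unless supplied)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt_parameter(key: bytes, blob: bytes) -> bytes:
    """Step S304/S515: recover the parameter from nonce || ciphertext."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def identifying_code(encrypted_parameter: bytes) -> bytes:
    """Steps S202/S405 and S303/S512. Claim 1 requires the same algorithm on both
    sides; MD5 is the algorithm the patent gives as its example."""
    return hashlib.md5(encrypted_parameter).digest()


class TerminalNetworkAppliance:
    """Terminal network appliance 200: holds only the encrypted parameter."""

    def __init__(self) -> None:
        self._stored: Optional[bytes] = None  # second storage medium 25

    def save(self, encrypted_parameter: bytes) -> bool:
        """Steps S407-S410: parameter saving module writes the ciphertext."""
        self._stored = encrypted_parameter
        return True

    def obtain(self, first_code: bytes) -> Optional[bytes]:
        """Steps S507-S513: release the ciphertext only if the presented first
        identifying code equals the second identifying code recomputed here."""
        if self._stored is None:
            return None                                  # nothing saved: error (S305)
        second_code = identifying_code(self._stored)     # S512
        # Constant-time comparison is an addition of this example, not in the patent.
        if not hmac.compare_digest(first_code, second_code):
            return None                                  # S305: error message
        return self._stored                              # S304: encrypted parameter


class UserTerminal:
    """User terminal 100: owns the cipher key and the first identifying code."""

    def __init__(self, key: bytes) -> None:
        self._key = key                             # key custody: assumption of this example
        self._first_code: Optional[bytes] = None    # first storage medium 15

    def save_parameter(self, appliance: TerminalNetworkAppliance, parameter: bytes) -> bool:
        """Fig. 2 / Fig. 4 flow, used at first login with a user-entered parameter."""
        encrypted = encrypt_parameter(self._key, parameter)   # S201
        self._first_code = identifying_code(encrypted)         # S202
        return appliance.save(encrypted)                       # S203

    def obtain_parameter(self, appliance: TerminalNetworkAppliance) -> Optional[bytes]:
        """Fig. 3 / Fig. 5 flow, used for automatic login on later sessions."""
        if self._first_code is None:
            return None
        encrypted = appliance.obtain(self._first_code)         # S301-S303
        if encrypted is None:
            return None                                        # S305, reported as failure (S516)
        return decrypt_parameter(self._key, encrypted)         # S304


def run_scenario() -> Dict[str, bool]:
    """Constructed demonstration: the owner recovers the parameter; a party holding
    the appliance but not the first identifying code gets an error; a ciphertext
    altered on the appliance no longer matches the recomputed code."""
    key = os.urandom(32)
    appliance = TerminalNetworkAppliance()
    owner = UserTerminal(key)
    secret = b"username=alice;password=example"   # constructed sample parameter
    owner.save_parameter(appliance, secret)
    owner_ok = owner.obtain_parameter(appliance) == secret
    stranger = UserTerminal(key)                 # same key, but no saved first code
    stranger_blocked = stranger.obtain_parameter(appliance) is None
    assert appliance._stored is not None
    appliance._stored = appliance._stored[:-1] + bytes([appliance._stored[-1] ^ 0x01])
    tamper_detected = owner.obtain_parameter(appliance) is None
    return {"owner_recovers": owner_ok, "stolen_without_code": stranger_blocked,
            "tampered_detected": tamper_detected}


if __name__ == "__main__":
    print(run_scenario())
```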
In summary, the invention provides a technique for securely saving and obtaining an authentication parameter on a terminal network appliance. When the authentication parameter is saved on the terminal network appliance, the user terminal computes a first identifying code from the encrypted authentication parameter; when the authentication parameter is obtained from the terminal network appliance, the terminal network appliance computes a second identifying code from the previously saved encrypted authentication parameter and compares the first identifying code with the second identifying code. Only when the two are identical does the terminal network appliance send the encrypted authentication parameter to the user terminal for decryption. As a result, after a terminal network appliance is stolen, an unauthorized party who has not also obtained the identifying code cannot obtain the authentication parameter, even if the user terminal would be able to decrypt the encrypted authentication parameter correctly. The stolen terminal network appliance therefore cannot be used normally, the rights and interests of the owner of the terminal network appliance are protected, and the security of network communication is improved.
Of course, the present invention may have various other embodiments. Without departing from the spirit and essence of the present invention, those of ordinary skill in the art may make various corresponding changes and variations according to the present invention, and all such corresponding changes and variations fall within the scope of protection of the appended claims of the present invention.
Claims (9)
1. A method of saving and obtaining an authentication parameter on a terminal network appliance, applied to a system comprising a user terminal and a terminal network appliance, characterized in that the method comprises a step of saving the authentication parameter and a step of obtaining the authentication parameter, the step of saving the authentication parameter comprising:
a) after the user terminal receives a save-authentication-parameter request from the user, encrypting the authentication parameter;
b) the user terminal computing a first identifying code from the encrypted authentication parameter and saving the first identifying code;
c) the user terminal sending the encrypted authentication parameter to the terminal network appliance, which saves the encrypted authentication parameter;
and the step of obtaining the authentication parameter comprising:
a) after the user terminal receives an obtain-authentication-parameter request from the user, the user terminal retrieving the previously saved first identifying code;
b) the user terminal sending the obtain-authentication-parameter request to the terminal network appliance, the request carrying the first identifying code;
c) the terminal network appliance computing a second identifying code from the previously saved encrypted authentication parameter and comparing the second identifying code with the first identifying code; if the two are identical, performing step d), otherwise performing step e);
d) the terminal network appliance sending the encrypted authentication parameter to the user terminal, which decrypts the encrypted authentication parameter;
e) the terminal network appliance returning an error message to the user terminal;
wherein the user terminal and the terminal network appliance use the same algorithm to generate the first identifying code and the second identifying code, respectively, from the encrypted authentication parameter.
2. The method according to claim 1, characterized in that the user terminal comprises a first main control module, a parameter encrypting module, a parameter deciphering module, a first identifying code generation module and a first storage medium, and the terminal network appliance comprises a second main control module, a parameter saving module, a parameter acquisition module, a second identifying code generation module and a second storage medium;
the step of saving the authentication parameter further comprising:
a) after the first main control module of the user terminal receives the save-authentication-parameter request from the user, sending the authentication parameter to the parameter encrypting module, the parameter encrypting module encrypting the authentication parameter and returning the encrypted authentication parameter to the first main control module;
b) the first main control module of the user terminal sending the encrypted authentication parameter to the first identifying code generation module, the first identifying code generation module computing the first identifying code from the encrypted authentication parameter and saving the first identifying code in the first storage medium;
c) the first main control module of the user terminal sending a save-authentication-parameter request, containing the encrypted authentication parameter, to the second main control module of the terminal network appliance; the second main control module of the terminal network appliance sending the encrypted authentication parameter to the parameter saving module, and the parameter saving module saving the encrypted authentication parameter in the second storage medium;
and the step of obtaining the authentication parameter further comprising:
a) after the first main control module of the user terminal receives the obtain-authentication-parameter request from the user, sending an obtain-first-identifying-code request to the first identifying code generation module, the first identifying code generation module reading the first identifying code from the first storage medium and returning it to the first main control module;
b) the first main control module of the user terminal sending the obtain-authentication-parameter request to the second main control module of the terminal network appliance, the request carrying the first identifying code;
c) the second main control module of the terminal network appliance forwarding the obtain-authentication-parameter request to the parameter acquisition module, the parameter acquisition module reading the encrypted authentication parameter from the second storage medium and returning it to the second main control module; the second main control module sending the encrypted authentication parameter to the second identifying code generation module, the second identifying code generation module computing the second identifying code from the encrypted authentication parameter and returning it to the second main control module; the second main control module comparing the second identifying code with the first identifying code, and if the two are identical performing step d), otherwise performing step e);
d) the second main control module of the terminal network appliance sending the encrypted authentication parameter to the first main control module of the user terminal, the first main control module forwarding the encrypted authentication parameter to the parameter deciphering module of the user terminal, and the parameter deciphering module decrypting the encrypted authentication parameter and sending the decrypted authentication parameter to the first main control module;
e) the second main control module of the terminal network appliance returning an error message to the first main control module of the user terminal.
3. The method according to claim 2, characterized in that the first main control module, the parameter encrypting module, the parameter deciphering module and the first identifying code generation module of the user terminal constitute a subscriber terminal side application subsystem.
4. The method according to claim 2, characterized in that the second main control module, the parameter saving module, the parameter acquisition module and the second identifying code generation module of the terminal network appliance constitute a terminal network appliance side embedded subsystem.
5. The method according to claim 2, characterized in that the step of saving the authentication parameter further comprises, after step c):
d) the parameter saving module of the terminal network appliance sending the authentication parameter saving result to the second main control module; the second main control module returning the authentication parameter saving result to the first main control module of the user terminal; and the first main control module reporting the authentication parameter saving result to the user.
6. The method according to claim 2, characterized in that, in the step of obtaining the authentication parameter:
after the user terminal obtains the decrypted authentication parameter in step d), the first main control module of the user terminal reports to the user that the authentication parameter was obtained successfully;
after the user terminal receives the error message in step e), the first main control module of the user terminal reports to the user that obtaining the authentication parameter failed.
7. The method according to claim 1, characterized in that the step of saving the authentication parameter is used when the user logs in to the network for the first time, and the step of obtaining the authentication parameter is used for every login other than the user's first login to the network.
8. A system implementing the method of any one of claims 1 to 7, comprising a user terminal and a terminal network appliance, characterized in that:
the user terminal is configured, when saving an authentication parameter, to encrypt the authentication parameter after receiving a save-authentication-parameter request from the user, to compute a first identifying code from the encrypted authentication parameter and save it, and then to send the encrypted authentication parameter to the terminal network appliance; the user terminal is configured, when obtaining the authentication parameter, to retrieve the previously saved first identifying code after receiving an obtain-authentication-parameter request from the user, and to send the obtain-authentication-parameter request together with the first identifying code to the terminal network appliance; and the user terminal is configured to decrypt the encrypted authentication parameter returned by the terminal network appliance;
the terminal network appliance is configured, when saving the authentication parameter, to save the encrypted authentication parameter; the terminal network appliance is configured, when obtaining the authentication parameter, to compute a second identifying code from the previously saved encrypted authentication parameter after receiving the obtain-authentication-parameter request, and to compare the second identifying code with the first identifying code; if the two are identical, the terminal network appliance sends the encrypted authentication parameter to the user terminal for processing, otherwise the terminal network appliance returns an error message to the user terminal;
wherein the user terminal and the terminal network appliance use the same algorithm to generate the first identifying code and the second identifying code, respectively, from the encrypted authentication parameter.
9. The system according to claim 8, characterized in that the user terminal comprises a first main control module, a parameter encrypting module, a parameter deciphering module, a first identifying code generation module and a first storage medium, and the terminal network appliance comprises a second main control module, a parameter saving module, a parameter acquisition module, a second identifying code generation module and a second storage medium;
the first main control module of the user terminal is configured, when saving the authentication parameter, to send the authentication parameter to the parameter encrypting module for encryption after receiving the save-authentication-parameter request from the user, and then to send the encrypted authentication parameter to the first identifying code generation module to generate the first identifying code; the first main control module is further configured to send a save-authentication-parameter request, containing the encrypted authentication parameter, to the second main control module of the terminal network appliance; the first main control module of the user terminal is configured, when obtaining the authentication parameter, to send an obtain-first-identifying-code request to the first identifying code generation module after receiving the obtain-authentication-parameter request from the user, and to send the obtain-authentication-parameter request together with the first identifying code to the second main control module of the terminal network appliance; the first main control module is further configured, after receiving the encrypted authentication parameter sent by the second main control module of the terminal network appliance, to pass the encrypted authentication parameter to the parameter deciphering module for decryption, or alternatively to receive the error message sent by the second main control module of the terminal network appliance;
the parameter encrypting module of the user terminal is configured, when saving the authentication parameter, to encrypt the authentication parameter and return the encrypted authentication parameter to the first main control module;
the parameter deciphering module of the user terminal is configured, when obtaining the authentication parameter, to decrypt the encrypted authentication parameter and send the decrypted authentication parameter to the first main control module;
the first identifying code generation module of the user terminal is configured, when saving the authentication parameter, to compute the first identifying code from the encrypted authentication parameter and save it in the first storage medium; the first identifying code generation module of the user terminal is configured, when obtaining the authentication parameter, to read the first identifying code from the first storage medium and return it to the first main control module;
the second main control module of the terminal network appliance is configured, when saving the authentication parameter, to send the encrypted authentication parameter to the parameter saving module for saving; the second main control module of the terminal network appliance is configured, when obtaining the authentication parameter, to forward the obtain-authentication-parameter request to the parameter acquisition module to obtain the encrypted authentication parameter, and to send the encrypted authentication parameter to the second identifying code generation module to obtain the second identifying code; the second main control module then compares the second identifying code with the first identifying code, and if the two are identical sends the encrypted authentication parameter to the first main control module of the user terminal, otherwise returns an error message to the first main control module of the user terminal;
the parameter saving module of the terminal network appliance is configured, when saving the authentication parameter, to save the encrypted authentication parameter in the second storage medium;
the parameter acquisition module of the terminal network appliance is configured, when obtaining the authentication parameter, to read the encrypted authentication parameter from the second storage medium and return it to the second main control module;
the second identifying code generation module of the terminal network appliance is configured, when obtaining the authentication parameter, to compute the second identifying code from the encrypted authentication parameter and return it to the second main control module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007101772199A CN101159542B (en) | 2007-11-12 | 2007-11-12 | Method and system for saving and/or obtaining authentication parameter on terminal network appliance |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101159542A CN101159542A (en) | 2008-04-09 |
CN101159542B true CN101159542B (en) | 2010-06-09 |
Family ID: 39307478
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101159542B (en) |
2007-11-12: application CN2007101772199A filed in CN; granted as CN101159542B, now expired (fee related).
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20100609; Termination date: 20151112 |